[Cryptography] SHA-256 decrypted (8 rounds)

McDair mcdair at protonmail.com
Sun Jan 7 07:06:27 EST 2024


On Friday, 10 November 2023 at 01:49, Ray Dillinger <bear at sonic.net> wrote:

> On 11/8/23 03:25, McDair wrote:
>
>> As stated, there is no guessing involved here, meaning a fixed number of iterations that will lead to the/a valid input message.
>
> This wouldn't be true if your code is generating a preimage (reconstructing the input). In what sense, specifically, are you using the word 'decrypt'? Because in precise usage it does not have a defined meaning with respect to a hash function, so it's not clear what you're claiming.
>
> Are you assuming that the input which you're trying to reconstruct is also a single block, or at any rate shorter than the hash? That's what's required for there to be a unique solution which is what you're claiming when you say 'no guessing' - but in that case it wouldn't be a hash function at all.
>
>> Because the SHA-256 output hash still fits in a single input block, the same 'decryption'/reversion method (limited to 8 rounds here) can also be used for SHA-256D (by also applying it twice). Or a multitude of hashes of hashes for that matter.
>
> Again the notion of applying a hash to a single block message. That doesn't make any sense.
>
> For that matter I don't think your VB code works for SHA-256 at all if implementation of the hash rounds are the same as the published algorithm. It looks like you are generating a hash of a single-block input rather than generating a preimage (of any length) given a single-block output.
>
> Bear

>> As stated, there is no guessing involved here, meaning a fixed number
>> of iterations that will lead to the/a valid input message.
>
> This wouldn't be true if your code is generating a preimage
> (reconstructing the input). In what sense, specifically, are you using
> the word 'decrypt'? Because in precise usage it does not have a defined
> meaning with respect to a hash function, so it's not clear what you're
> claiming.

By decrypting, I mean finding a preimage.

In code, I found 'Encrypt' and 'Decrypt' clearer counterparts than 'Hash' and 'FindPreImage' or something like that. Especially for subroutines.
Also 'Encryption' is a general term wrt cryptography/cryptology.
Additionally, when the message is supposed to stay hidden (password hashes for instance), the message is arguably the key, or the key is the message. In that case 'decryption' also makes sense imo.

> Are you assuming that the input which you're trying to reconstruct is
> also a single block, or at any rate shorter than the hash? That's
> what's required for there to be a unique solution which is what you're
> claiming when you say 'no guessing' - but in that case it wouldn't be a
> hash function at all.

The 'reconstruction' method finds the exact original input message in case of maximum 8 rounds.
8 rounds of SHA-256 covers eight 32-bit integers, or 256 bits. Which matches the output (hash) size.

As you can see later on, when expanded to the full 64 rounds, the method finds 'a' valid input message (so not necessarily the original message). Valid at least from the perspective of the main compression function.

By no guessing I mean not iteratively going through a range of possible (integer) values and seeing whether they fit or not.
Finding a preimage (again, not taking into account additional validation), even for 64 rounds happens therefore in negligible time.

>> Because the SHA-256 output hash still fits in a single input block,
>> the same 'decryption'/reversion method (limited to 8 rounds here) can
>> also be used for SHA-256D (by also applying it twice). Or a multitude
>> of hashes of hashes for that matter.
>
> Again the notion of applying a hash to a single block message. That
> doesn't make any sense.
>
> For that matter I don't think your VB code works for SHA-256 at all if
> implementation of the hash rounds are the same as the published
> algorithm. It looks like you are generating a hash of a single-block
> input rather than generating a preimage (of any length) given a
> single-block output.

Ah yes, appearances.
Maybe you are confused about the 'Encrypt' usage in the 'Decrypt' function?
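
The 8-round case discussed in this message, as an added example that is not part of the original post and is not the VB code referred to in the thread: with only eight rounds, the eight unknown message words W0..W7 are determined one-to-one by the 256-bit output, so they can be solved for algebraically. It assumes "8 rounds" means the standard round function run eight times from the standard IV with the usual feed-forward; the names `compress8`, `invert8` and `SAMPLE` are made up for this sketch, and it covers only the 8-round case.

```python
# Added example: 8-round SHA-256 compression and its exact inversion.
# Assumption: standard IV, first 8 round constants, feed-forward of the IV.
import struct

M = 0xFFFFFFFF
IV = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]
K = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
     0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5]

def rotr(x, n): return ((x >> n) | (x << (32 - n))) & M
def S0(a): return rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
def S1(e): return rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
def ch(e, f, g): return (e & f) ^ (~e & g & M)
def maj(a, b, c): return (a & b) ^ (a & c) ^ (b & c)

def compress8(words):
    """Forward direction: 8 rounds over message words W0..W7."""
    a, b, c, d, e, f, g, h = IV
    for k, w in zip(K, words):
        t1 = (h + S1(e) + ch(e, f, g) + k + w) & M
        t2 = (S0(a) + maj(a, b, c)) & M
        a, b, c, d, e, f, g, h = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
    return [(x + y) & M for x, y in zip(IV, (a, b, c, d, e, f, g, h))]

def invert8(digest):
    """Recover W0..W7 from the 8-round output without any search."""
    s = [(x - y) & M for x, y in zip(digest, IV)]    # undo the feed-forward
    # A[j], E[j] hold registers a and e after round j-3 (j = 3 is the IV).
    # Rounds 5..8 are read off the output; rounds 1..4 are solved for below.
    A = IV[3::-1] + [0] * 4 + s[3::-1]
    E = IV[:3:-1] + [0] * 4 + s[:3:-1]
    t2 = lambda j: (S0(A[j-1]) + maj(A[j-1], A[j-2], A[j-3])) & M
    for j in range(11, 7, -1):    # a4..a1:  a[i-4] = e[i] - a[i] + T2[i]
        A[j-4] = (E[j] - A[j] + t2(j)) & M
    for j in range(4, 8):         # e1..e4:  e[i] = a[i-4] + a[i] - T2[i]
        E[j] = (A[j-4] + A[j] - t2(j)) & M
    # W[i] = T1[i] - h - S1(e) - Ch(e,f,g) - K[i], with T1[i] = e[i] - a[i-4]
    return [(E[j] - A[j-4] - E[j-4] - S1(E[j-1])
             - ch(E[j-1], E[j-2], E[j-3]) - K[j-4]) & M for j in range(4, 12)]

SAMPLE = b"constructed 32-byte test message"    # constructed input, 8 words

if __name__ == "__main__":
    digest = compress8(struct.unpack(">8I", SAMPLE))
    print(struct.pack(">8I", *invert8(digest)))  # the 32 input bytes again
```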